Routing

Expand all | Collapse all

import override for individual eBGP peers

Jump to Best Answer
  • 1.  import override for individual eBGP peers

    Posted 03-22-2018 16:26

    Hi,

     

    This is probably a simple one, but I'd like to confirm if the logic of my configuration makes sense. I am attempting to export a specific set of prefixes to one BGP peer (neighbor 192.168.1.17). That peer happens to be part of a BGP peering group (ebgp_peers). This set of prefixes (dc-plus-one-subnets) advertised to neighbor 192.168.1.17 will differ from all other peers in the peerig group. I will export everything in prefix-list dc-subnets via policy-statement export-to-bgp-peers to those other peers.  My understanding is that the hierarchy goes - individua peer, then group, then group in that order preference.

     

    Also, is it considered bad practise, or just lazy to export/import direct from a prefix list as opposed to a policy-statement?

     

    Here is my propsed configuration. 

     

    !

    !!! define our address space in a prefix list !!!

    set policy-options prefix-list dc-subnets 10.1.0.0/24

    set policy-options prefix-list dc-subnets 10.2.0.0/24

    set policy-options prefix-list dc-subnets 10.3.0.0/24

    !

    !!! define our address space with one addition in a prefix list !!!

    set policy-options prefix-list dc-plus-one-subnets 10.1.0.0/24

    set policy-options prefix-list dc-plus-one-subnets 10.2.0.0/24

    set policy-options prefix-list dc-plus-one-subnets 10.3.0.0/24

    set policy-options prefix-list dc-plus-one-subnets 10.100.0.0/24

    !

    !!! policy statement to export those dc-subnets to most peers !!!

    set policy-options policy-statement export-to-bgp-peers term get-routes from prefix-list internal-dc-subnets

    set policy-options policy-statement export-to-bgp-peers term get-routes then accept

    set policy-options policy-statement export-to-bgp-peers term others then reject

    !

    set policy-options policy-statement peer1_prefixes term filter-default from route-filter 0.0.0.0/0 exact

    set policy-options policy-statement peer1_prefixes term filter-default then reject

    set policy-options policy-statement peer1_prefixes term remote-nets from route-filter 10.64.0.0/24 exact

    set policy-options policy-statement peer1_prefixes term remote-nets then accept

    set policy-options policy-statement peer1_prefixes term default then reject

    !

    set policy-options policy-statement peer2_prefixes term filter-default from route-filter 0.0.0.0/0 exact

    set policy-options policy-statement peer2_prefixes term filter-default then reject

    set policy-options policy-statement peer2_prefixes term remote-nets from route-filter 10.65.0.0/24 exact

    set policy-options policy-statement peer2_prefixes term remote-nets then accept

    set policy-options policy-statement peer2_prefixes term default then reject

    !

    set policy-options policy-statement peer3_prefixes term filter-default from route-filter 0.0.0.0/0 exact

    set policy-options policy-statement peer3_prefixes term filter-default then reject

    set policy-options policy-statement peer3_prefixes term remote-nets from route-filter 10.66.0.0/24 exact

    set policy-options policy-statement peer3_prefixes term remote-nets then accept

    set policy-options policy-statement peer3_prefixes term default then reject

    !

    !

    set routing-instances rt-shared protocols bgp group ebgp_peers type external

    set routing-instances rt-shared protocols bgp group ebgp_peers peer-as 1234

    set routing-instances rt-shared protocols bgp group ebgp_peers neighbor 192.168.1.1 import peer1_prefixes

    set routing-instances rt-shared protocols bgp group ebgp_peers neighbor 192.168.1.9 import peer2_prefixes

    set routing-instances rt-shared protocols bgp group ebgp_peers neighbor 192.168.1.17 import peer3_prefixes

    set routing-instances rt-shared protocols bgp group ebgp_peers neighbor 192.168.1.17 export dc-plus-one-subnets

    !!! export statement for the bgp group !!!

    set routing-instances rt-shared protocols bgp group ebgp_peers export export-to-bgp-peers

     

    Thanks!

     



  • 2.  RE: import override for individual eBGP peers

    Posted 03-22-2018 18:51

    My understanding of the query here is that you are trying to advertise a specific set of prefixes to a peer in a peer-group which are different to the other peers of the same peer group.

     

    So yes a peer level import/export  will override a group level import/export policy. And a group level policy will override the global BGP import/export policy.

     

    Below is a very good documentation in to clarify on the raised query.

     

    https://www.juniper.net/documentation/en_US/junos/topics/example/policy-bgp-levels.html



  • 3.  RE: import override for individual eBGP peers

    Posted 03-22-2018 23:40

    Hello,

    In addition to what has been said wrt export policy levels & rules, You may find that Your BGP configuration group "ebgp_peers" is actually split by JUNOS into 2 update groups : one for  192.168.1.17, and another for the rest.

    "show bgp group" should confirm that.

    Whereas it is non-issue due to Your low BGP peer count, it may have an effect when Your peer count goes into thousands.

    HTH

    Thx

    Alex



  • 4.  RE: import override for individual eBGP peers

    Posted 03-26-2018 05:16

    For your other query, I would say, Using prefix-list or not depends on network requirement. Unless you end up exhausting any network resource, it should be okay. On the other side, using other parameters may provide better/ more logical approach to achieve same results, but again, a lot depends on requirement and network setup.



  • 5.  RE: import override for individual eBGP peers
    Best Answer

    Posted 03-26-2018 06:48

    Thanks very much to all contributors for your time and for clearing that up for me. Much appreciated.